PT-2025-47583 · Unknown · Phppgadmin

Published: 2025-11-17 · Updated: 2025-12-18 · CVE-2025-60798

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

phpPgAdmin versions 7.13.0 and earlier

Description

phpPgAdmin versions 7.13.0 and earlier contain a SQL injection issue in the display.php file at line 396. The application directly uses user-provided input from the query parameter in the $_REQUEST array within the browseQuery function without sufficient sanitization. An authenticated attacker can manipulate queries to execute arbitrary SQL commands, potentially compromising the entire database. The vulnerable parameter is query.

Recommendations

Versions prior to 7.13.0 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2025-14887
CVE-2025-60798
GHSA-G6XH-WRPF-V6J6

Affected Products

Phppgadmin